Development of a new Windows 10 KASLR Bypass (in One WinDBG Command)
by Morten Schenk
Windows 10 1809 Kernel ASLR Bypass Evolution
When it is well-implemented, Kernel Address Space Layout Randomization (KASLR) makes Windows kernel exploitation extremely difficult by making it impractical to obtain the base address of a kernel driver directly. In an attempt to bypass this, researchers have historically focussed on kernel address leaks to retrieve these addresses, either through specific kernel-memory disclosure vulnerabilities or using a kernel-mode read primitive created through a kernel vulnerability like a pool overflow or a write-what-where.